Modern cybersecurity faces an escalating challenge: fileless malware and obfuscation techniques increasingly bypass traditional file-based detection methods.<\/p>\n
To address this growing threat, JPCERT\/CC has released YAMAGoya. This open-source threat hunting tool leverages industry-standard detection rules to identify suspicious activity in real time.<\/p>\n
YAMAGoya represents a significant advancement in endpoint threat detection by combining Event Tracing for Windows<\/a> (ETW) event monitoring with memory scanning capabilities.<\/p>\n Unlike conventional security tools that rely on proprietary detection engines, YAMAGoya directly supports Sigma and YARA rules.<\/p>\n Enabling security analysts to deploy community-driven detection logic across their infrastructure.<\/p>\n The tool operates entirely in userland, requiring no kernel driver installation, which simplifies deployment across organizational environments.<\/p>\n Its real-time monitoring<\/a> capabilities track files, processes, registry modifications, DNS queries, network connections, PowerShell execution, and WMI commands simultaneously.<\/p>\n This comprehensive approach enables the detection of both traditional and fileless malware threats.<\/p>\n According to JPCERT\/CC, YAMAGoya supports multiple rule formats, including Sigma rules, YARA rules for memory scanning, and custom YAML rules for correlation-based detection.<\/p>\n JPCERT\/CC security teams can create sophisticated detection logic that correlates multiple events.<\/p>\n Such as file creation followed by process execution, DLL loading<\/a>, and network communication, to identify malicious activity patterns.<\/p>\n The tool is available for immediate evaluation through pre-built binaries on GitHub, with source code available for organizations requiring custom builds.<\/p>\n YAMAGoya operates via both graphical and command-line<\/a> interfaces, accommodating different operational preferences.<\/p>\n Users can run Sigma rule monitoring or memory scanning with simple commands, provided they have administrative privileges.<\/p>\n JPCERT\/CC detection alerts<\/a> appear in the tool\u2019s interface. They are logged to Windows Event Log <\/a>with specific event IDs for integration with security information and event management (SIEM) systems.<\/p>\n This enables centralized monitoring and alerting across enterprise environments. By supporting industry-standard detection rules, YAMAGoya democratizes advanced threat detection <\/a>capabilities.<\/p>\n JPCERT\/CC researchers and incident responders can now leverage community-developed Sigma and YARA rules without vendor lock-in, strengthening the collective cybersecurity defense posture against emerging threats.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post YAMAGoya \u2013 Real-Time Threat Monitoring Tool Using Sigma and YARA Rules<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nOpen-Source Endpoint Detection Solution <\/strong><\/h2>\n
![\"YAMAGoya](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj_IB1NS9TGryq-8dJwJq-SLWCf9qJ1Cdmfa9siHHrKu4g2q8J4-mqZudYCc55o4LK6OnV6gC7SZCRZb1VcHWClVLkoONyXg0ro58lV76UoL9CWicjp59Fbh3g5shDKJO-5-rtDFFUZfgI51P4j-CKZ5eHXocpwrAleEYOAalH69kQwxcfd5sFv0SBcSl8\/s1600\/Screenshot%25202025-11-18%2520182926%2520%25281%2529.webp?ssl=1\")
![\"YAMAGoya's](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEinExB2UDBnLN0SOVEkWH6H6r8k_0qY-fXehNXuBcB2adnLMHQsxqa8zLMPH_OahzjXkDv_AIxCU3hK25TArhlGzDYqKkG9WCTg7OmO8FPbBVgHWV20GEO9egOhTvC6zEjhBADSn0syak00uPszjcK9MI3WE4kNfBJ6_h72foZ_Rp6g6D3qCZBonCU3hEM\/s1600\/Screenshot%25202025-11-18%2520185207%2520%25281%2529.webp?ssl=1\")